skill-article-publisher
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Python `subprocess` module to execute system-level commands for git automation and project builds.
  - Evidence in `scripts/publish_article.py`: Executes `git status`, `git add`, `git commit`, `git push`, and `npm run build`.
  - Evidence in `scripts/validate_mdx.py`: Executes `npm run build` and `python scripts/validate_mdx.py`.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection as it ingests and processes user-controlled MDX files to drive automated actions.
  - Ingestion points: Reads and parses MDX files from user-specified paths in `scripts/validate_mdx.py` and `scripts/publish_article.py`.
  - Boundary markers: No specific delimiters or instructions are used to separate article content from the automation logic.
  - Capability inventory: Includes filesystem access, subprocess execution (`git`, `npm`), and the ability to push changes to remote repositories.
  - Sanitization: The skill performs syntax validation for specific MDX patterns (like unescaped operators) but does not sanitize or validate file content or metadata before using it in automated git and build workflows.
Audit Metadata